Google’s Android Vulnerability Identified by a Security Firm, No Patch Released Yet

In modern times, third party security firms are often more active than the actual tech companies that create the hardware and the software.

Recently, a firm that was supposed to protect companies was hacked and a lot of passwords got leaked. However, the company later confirmed that everything is under control and that they have taken necessary measures to ensure the all the passwords are changed to ensure maximum security.

Most companies rely on third parties to provide them security services because high profile hackers and security experts are usually freelancers who don’t prefer a full time job. The trend continues with another announcement that comes from a company named Zimperium. The discovery that they have made has exposed a harmful vulnerability in all Android phones shipped in 2014.

According to the company, at least 95% of the phones shipped last year are vulnerable and can be hacked if a team of hackers decide to do so. At least 1 billion phones were shipped in 2014 and based on this report; over 950 million phones are vulnerable.

Zimperium has notified Google in due time, but the company is yet to officially release a patch to fix it. The security firm sent an alert to the search engine giant in the month of April. There is no explanation as to why Google is so slow in fixing the vulnerability and ensuring that all Android users are safe.

The identified Android flaw can be triggered by sending a simple text message to any device. As soon as a user opens the message, the malicious code will execute automatically. The code can be executed in two different ways. One is by sending a picture message and another is through Google Hangouts. The Hangouts version is serious because as soon as the notification pops in your screen, the code will execute.

It will automatically execute one more time in the preview window and also when you open the message in the Hangouts app. The Android phone will be compromised after the malicious code is successfully executed. All messages, user credentials and personal information shared using the phone can be tapped into. The hacker could remotely access it and meddle with it.

The vulnerability is found in all the Android versions released so far, including Jelly Bean, Kit Kat and the newly released Lollipop. The firm confirmed that it has not been exploited so far and it is Google’s duty to fix it without further delay.